sepolicy(wifi): Allow wifi service access to wifi apex directories
Bug: 148660313
Test: Compiles
Change-Id: I4a973c4516fda5f96f17f82cd3a424b0ca89004b
diff --git a/private/apexd.te b/private/apexd.te
index 36b7999..9e702dd 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -18,6 +18,8 @@
allow apexd apex_module_data_file:file { create_file_perms relabelfrom };
allow apexd apex_rollback_data_file:dir create_dir_perms;
allow apexd apex_rollback_data_file:file create_file_perms;
+allow apexd apex_wifi_data_file:dir { create_dir_perms relabelto };
+allow apexd apex_wifi_data_file:file { create_file_perms relabelto };
# Allow apexd to read directories under /data/misc_de in order to snapshot and
# restore apex data for all users.
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 4419ff2..ea3c6b0 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -11,6 +11,7 @@
apex_module_data_file
apex_permission_data_file
apex_rollback_data_file
+ apex_wifi_data_file
app_integrity_service
app_search_service
auth_service
diff --git a/private/file_contexts b/private/file_contexts
index d459cf2..e95a1af 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -514,6 +514,7 @@
/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0
/data/misc/apexdata(/.*)? u:object_r:apex_module_data_file:s0
/data/misc/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
/data/misc/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
/data/misc/apns(/.*)? u:object_r:radio_data_file:s0
/data/misc/audio(/.*)? u:object_r:audio_data_file:s0
@@ -605,6 +606,8 @@
/data/misc_ce/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0
/data/misc_de/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
/data/misc_ce/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc_de/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
+/data/misc_ce/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
# Apex rollback directories
/data/misc_de/[0-9]+/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
diff --git a/private/system_server.te b/private/system_server.te
index ef527fd..ad22085 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1096,6 +1096,8 @@
allow system_server apex_module_data_file:dir { getattr search };
allow system_server apex_permission_data_file:dir create_dir_perms;
allow system_server apex_permission_data_file:file create_file_perms;
+allow system_server apex_wifi_data_file:dir create_dir_perms;
+allow system_server apex_wifi_data_file:file create_file_perms;
# Allow PasswordSlotManager rw access to /metadata/password_slots, so GSIs and the host image can
# communicate which slots are available for use.
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index 157ee55..f3ec058 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -17,6 +17,7 @@
apex_module_data_file
apex_permission_data_file
apex_rollback_data_file
+ apex_wifi_data_file
backup_data_file
face_vendor_data_file
fingerprint_vendor_data_file
@@ -29,6 +30,7 @@
apex_module_data_file
apex_permission_data_file
apex_rollback_data_file
+ apex_wifi_data_file
backup_data_file
face_vendor_data_file
fingerprint_vendor_data_file